Navigation :
Kubernetes GCP Detect Sensitive Object Access
Description
This search provides information on Kubernetes accounts accessing sensitve objects such as configmaps or secrets
Content Mapping
This content is not mapped to any local saved search. Add mapping
Use Case
Security Monitoring
Category
Adversary Tactics
Alert Volume
This search provides information on Kubernetes accounts accessing sensitve objects such as configmaps or secrets
SPL Difficulty
None
Journey
Stage 3
Data Sources
GCP
Audit Trail
Help |
---|
Kubernetes GCP Detect Sensitive Object Access HelpYou must install splunk add on for GCP . This search works with pubsub messaging service logs. |
Search |
---|
`google_gcp_pubsub_message` data.protoPayload.authorizationInfo{}.resource=configmaps OR secrets | table data.protoPayload.requestMetadata.callerIp src_user data.resource.labels.cluster_name data.protoPayload.request.metadata.namespace data.labels.authorization.k8s.io/decision | dedup data.protoPayload.requestMetadata.callerIp src_user data.resource.labels.cluster_name |`kubernetes_gcp_detect_sensitive_object_access_filter` Open in Search |